Publish to ghcr.io with attestations
DrEsteban committed May 23, 2024
1 parent 2474bce commit 24d1ae5
Showing 1 changed file with 54 additions and 18 deletions.
72 changes: 54 additions & 18 deletions .github/workflows/publish_release.yml
Expand Up @@ -18,32 +18,35 @@ on:
required: false
default: 'v'

permissions:
contents: write
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}

jobs:
release:

runs-on: ubuntu-latest

permissions:
id-token: write
contents: write
packages: write
attestations: write

steps:
- uses: actions/checkout@v4
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: 8.0.x
- name: Restore dependencies
run: dotnet restore
- name: Build
run: dotnet build --no-restore
- name: Test
run: dotnet test --no-build --verbosity normal
- name: Build and Test
run: dotnet test --verbosity normal
- name: Generate Semantic Version
id: generate_semver
if: ${{ inputs.version == 'v' && github.event_name == 'workflow_dispatch' }}
uses: zwaldowski/semver-release-action@v4
with:
github_token: ${{ secrets.GITHUBTOKEN }}
github_token: ${{ github.token }}
bump: patch
prefix: v
dry_run: true
Expand All @@ -54,6 +57,8 @@ jobs:
VERSION=${VERSION_TAG//v/}
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "version_tag=$VERSION_TAG" >> $GITHUB_OUTPUT
# Binaries
- name: Publish Windows
run: dotnet publish -r win-x64 /p:Version=${{ steps.set_version.outputs.version }} -o ./publish/win-x64 ./API
- name: Publish Linux
Expand All @@ -62,27 +67,58 @@ jobs:
run: dotnet publish -r osx-x64 /p:Version=${{ steps.set_version.outputs.version }} -o ./publish/osx-x64 ./API
- name: Publish OSX-ARM
run: dotnet publish -r osx-arm64 /p:Version=${{ steps.set_version.outputs.version }} -o ./publish/osx-arm64 ./API
# - name: Upload Artifacts
# uses: actions/[email protected]
# with:
# # A file, directory or wildcard pattern that describes what to upload
# path: ./publish
- name: Generate artifact attestation
uses: actions/attest-build-provenance@v1
with:
subject-path: './publish/**'
- name: Zip Artifacts
run: |
mkdir -p ./release
zip -r ./release/win-x64.zip ./publish/win-x64
tar -czvf ./release/linux-x64.tar.gz ./publish/linux-x64
tar -czvf ./release/osx-x64.tar.gz ./publish/osx-x64
tar -czvf ./release/osx-arm64.tar.gz ./publish/osx-arm64
- name: Push version tag
run: git tag ${{ steps.set_version.outputs.version_tag }} && git push origin ${{ steps.set_version.outputs.version_tag }} || true
- name: Generate ZIP attestation
uses: actions/attest-build-provenance@v1
with:
subject-path: './release/*'

# Docker
- name: Docker Login
uses: docker/[email protected]
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ github.token }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/[email protected]
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- name: Build Docker image
id: push
uses: docker/[email protected]
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Generate image artifact attestation
uses: actions/attest-build-provenance@v1
with:
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true

# Release
- name: Create GitHub Release
uses: ncipollo/[email protected]
with:
artifacts: ./release/*
token: ${{ secrets.GITHUBTOKEN }}
token: ${{ github.token }}
tag: ${{ steps.set_version.outputs.version_tag }}
commit: ${{ github.sha }}
generateReleaseNotes: true
draft: ${{ inputs.draft }}
prerelease: false
allowUpdates: true
allowUpdates: true
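Review bot: The added Docker and attestation steps reference their actions by mutable tag (`actions/attest-build-provenance@v1`, plus the `docker/*` refs, which are garbled on this page but look like version tags) inside a job that now holds `id-token: write`, `packages: write`, `attestations: write` and `contents: write`. Because the permissions are job-wide, every action in the job runs with the token that signs provenance and pushes to ghcr.io, so the attestations are only as trustworthy as each upstream tag. I would pin every third-party action to a full commit SHA with the version in a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha> # <version>`, and let an automated updater bump the pins. The same applies to `zwaldowski/semver-release-action@v4` and the `ncipollo/release-action` step, which run in this job and now receive `github.token`.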
